Hacking dRuby RMI Server 1.8

Oct. 8, 2017 0 comments Hacking Tutorials Pen Testing & Audits

In this tutorial we will be hacking dRuby using a remote code execution vulnerability in the dRuby RMI server that is running on Metasploitable 2. dRuby is a distributed object system for Ruby and is written in Ruby. dRuby uses its own protocol and binds itself to a URI such as druby://example.com on port 8787. By default port 8787 is not scanned by Nmap since it is not included in the list of 1.000 common ports which are scanned by default when no additional port options are specified. Open port 8787 on Metasploitable 2 would remain unnoticed unless we would be using the -p- flag to scan all 65535 ports or use a port range which includes port 8787. This example shows us how important it is to always run a full port scan on a target when performing network enumeration. We could easily be missing crucial information which can be used to compromise the target.